I2P client in WhonixWS - rly change fingerprint of TB?

Hello.

I followed instruction from there:

I got working I2P over tor in whonixGW1 machine
installed foxyproxy to torbrowser.
killyourtv proxyfoxy config file is outdated,
so I configured this forxyproxy by hand.

Now my TB open i2p sites as it should and open other sites, and onion thru the TOR PROXY.

Now question. Is it really change browser fingeprinting?

I did some lousy reserch…
made another whonixGW2 (whonix gateway proxy machine)
made another whonix-WS2 from original template
downloaded into it tor-browser-for-linux64
and installed it

now i have 2 different VMs
whonixWS1 (torbrowser with foxyproxy and i2p support) -> whonixGW1

and

whonixWS2 (original torbroswer (pgp checked)) -> whonix GW2 (original)

I did search and go to 4 sites one by one.
every site for WS1 and WS2 show same fingerprint!

So question is it safe use at daily basis whonixWS1 (torbrowser with foxyproxy and i2p support)? Or for site admin is obvious, that browser in WS1 modified and rare case.?

Thank you for your work!

Hi PseodoSecuritey

Taken from https://www.whonix.org/wiki/Tor_Browser

Tor Browser is optimized for anonymity and has a plethora of privacy-enhancing patches and add-ons. With Tor Browser, the user “blends in” and shares the Fingerprint of nearly three million other users, which is advantageous for privacy.

If you are referring to Browser fingerprint then yes, they will all look the same by design.

Even though there’s a risk that Foxyproxy could change TBB’s behavior, it is a common configuration for browsing I2P. It’s probably safe. Be sure the proxying rules are correct, though.

I have never tried the following in Whonix, but there is another option besides Foxyproxy. If “extensions.torbutton.use_nontor_proxy” [1] is set to true in about:config, TBB will honor changes made to its proxy settings. For instance, if you enable I2P’s HTTP proxy (the HTTPS proxy is worthless unless you have a specific need for it) and leave the other fields as they are, the SOCKS proxy will pick up everything else. The disadvantage is that Tor will not be allowed to handle http connections - including most onion services. You could try using I2P’s outproxy or the Orchid plugin to overcome this.

[1] http://ea5faa5po25cf7fb.onion/projects/tor/ticket/16917#comment:14

http://trac.torproject.org/projects/tor/ticket/16917#comment:14

I have used more advanced fingerprint test pages, and subtle difference of browser is here.
It’s like
Original TB (one of 609**,6** machines)
TB+i2p+foxyproxy(one of 609**,5** machines)
So there is really change in fingerprinting.

Best way to stay stealth - use 2 instances of Tor Browser.
Original TB
and
TB for I2p - in this case foxyproxy not needed at all.

What pages did you test with?

I’m an addicted i2p-er with a powerful system and you’ll not get much i2p performance through Whonix. If you insist going this route (TOR 2 i2p) make sure you shorten tunnels to 0 or 1 and increase backup quantity http://127.0.0.1:7657/configtunnels (2 many other details like disable udp etc).

There are 2 solutions.

1. install i2pd which is faster more secure but less features that you love.
2. install Fedora 27 Security Labs and install your i2p here ( as a template and use it for NetVM) some work but doable. FSL is smaller than regular Fedora.
   Do not expect quick gratification or future help from me!

One more very important thing. In MY opinion TB is a piece of junk that I’ve been hacked through the most. I do not open it to often if ever.